WizyWyg
|
| Posted: 04/16/2003, 7:17 PM |
|
I've created a log-in form to access the admin parts of my site. However, when access ex. adminexamplegrid.php , it of course, redirects to login.php. That form once logged in is supposed to take you to adminpages.php. But, when I try to login, it bumps me to .php (so it brings up an error/file does not exist). Yes, no file name, just .php
This is with Win2k IIS server, latest php release (just updated) and latest Mysql release (4.0). Site created in Code Charge 2.0.5 using Php + Templates and Mysql Database.
Looking at hte php file generated by CC, I see this (Im using MD5 for pw encrypton so the dbquery was changed for that):
//===============================
// Login Form Action
//-------------------------------
function login_action($sAction)
{
global $db;
global $tpl;
global $sloginErr;
global $filename;
switch(strtolower($sAction))
{
case "login":
//-------------------------------
// login CustomLogin Event begin
//-------------------------------
$sLogin = get_param("Login");
$sPassword = get_param("Password");
$db->query("SELECT userid,usergroup FROM user WHERE username =" . tosql($sLogin, "Text") . " AND userpass=" . tosql(md5($sPassword), "Text"));
$is_passed = $db->next_record();
if($is_passed)
{
//-------------------------------
// Login and password passed
//-------------------------------
set_session("UserID", $db->f("userid"));
set_session("UserRights", $db->f("usergroup"));
$sPage = get_param("ret_page");
if (strlen($sPage))
{
header("Location: " . $sPage);
exit;
}
else
{
header("Location: .php");
exit;
}
}
else
{
$sloginErr = "Login or Password is incorrect.";
}
===========================================================
and noticed this line:
else
{
header("Location: .php");
exit;
Which is why I think its redirecting to .php
Any reasons as to why?
|
|
|
 |
Dylan
|
| Posted: 07/11/2003, 9:30 AM |
|
The problem is CC is using the getenv() function in the check_security function which doesn't work on IIS ISAPI. See http://us3.php.net/manual/en/function.getenv.php
The better way to get server environment variables with current versions of PHP is the $_SERVER array. See http://us3.php.net/manual/en/language.variables.predefined.php
So instead of doing getenv("REQUEST_URI") you do $_SERVER['REQUEST_URI']
Below is a fixed up version of the check_security function in Common.php which works for me in all my PHP CC projects running on IIS in ISAPI mode.
function check_security($security_level)
{
$return_page = $_SERVER['REQUEST_URI'];
if($return_page === "") { $return_page = $_SERVER['SCRIPT_NAME'] . "?" . $_SERVER['QUERY_STRING']; }
if(!session_is_registered("UserID"))
{
header ("Location: Login.php?querystring=" . urlencode($_SERVER['QUERY_STRING']) . "&ret_page=" . urlencode($return_page));
exit;
}
else if(!session_is_registered("UserRights") || get_session("UserRights") < $security_level)
{
header ("Location: Login.php?querystring=" . urlencode($_SERVER['QUERY_STRING']) . "&ret_page=" . urlencode($return_page));
exit;
}
}
|
|
|
|
Dylan
|
| Posted: 07/14/2003, 9:05 AM |
|
Whoops! I jumped the gun there, cuz I had to run to a meeting. I forgot that REQUEST_URI doesn't exist as a environment variable in IIS, and CodeCharge should really use one of the attributes that is the same across IIS, Apache, and other web servers. I wrote a bug on this, maybe as much as a year ago, but it's been a long time since there has been any updates to the non-studio CodeCharge product. Anyways, replace REQUEST_URI with SCRIPT_NAME and it will work. I think $php_self is also valid. Here's the correct code...
function check_security($security_level)
{
$return_page = $_SERVER['SCRIPT_NAME'];
if($return_page === "") { $return_page = $_SERVER['SCRIPT_NAME'] . "?" . $_SERVER['QUERY_STRING']; }
if(!session_is_registered("UserID"))
{
header ("Location: Login.php?querystring=" . urlencode($_SERVER['QUERY_STRING']) . "&ret_page=" . urlencode($return_page));
exit;
}
else if(!session_is_registered("UserRights") || get_session("UserRights") < $security_level)
{
header ("Location: Login.php?querystring=" . urlencode($_SERVER['QUERY_STRING']) . "&ret_page=" . urlencode($return_page));
exit;
}
}
|
|
|
|
|
